Authentication
Profound AI Authentication enables seamless integration of Profound AI's capabilities with your enterprise application. It allows users to securely authenticate into Profound AI using industry standards such as JWT (JSON Web Tokens). This ensures that interactions with Profound AI are both secure and personalized, aligning with your enterprise's authentication protocols.
Authentication Profiles
Profound AI’s support for authentication is enabled through the configuration of authentication profiles. Each profile includes settings for token verification and can be associated with different agents in the system.
To set up one or more profiles, add the authProfiles object to your config.js file. For example:
authProfiles: {
  "Example JWT Profile": {
    required: true,
    type: "jwt",
    key: "your_key_here", // Public or private key
    verifyOptions: {
      algorithms: ["HS256"] // Specify algorithms
    }
  }
}
The required property determines if authentication is mandatory to interact with the agent. When set to true, every attempt to communicate with the agent will trigger the authentication process, and if unsuccessful, an error message will be displayed. Setting the property to false makes authentication optional, and users will be able to interact with the agent anonymously. While the agent can be restricted in its capabilities and the information it has access to, it will still respond to the anonymous user.
Each profile type may have its own set of related properties.
The key property can be either a public or private key, depending on the use case. For token verification (when Profound AI is not the token issuer), a public key is typically used.
The verifyOptions property allows you to specify token verification options, such as algorithms, issuer, maxAge, etc. For a complete list of JWT verification options, see https://www.npmjs.com/package/jsonwebtoken.
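What the algorithms, issuer and maxAge checks reject is easiest to see in code. The following is an added example, not Profound AI's or the jsonwebtoken package's code: a minimal Node.js HS256 verifier whose helper names (signToken, verifyToken, demo) are hypothetical and whose secret, issuer and timestamps are constructed, with maxAge assumed to be in seconds.

```javascript
// Added example: minimal HS256 verifier mirroring the algorithms, issuer and
// maxAge checks. Helper names are hypothetical; this is not the jsonwebtoken API.
const nodeCrypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const hmac = (data, secret) => nodeCrypto.createHmac("sha256", secret).update(data).digest();

// Builds a token for the demo; alg "none" yields an unsigned token.
function signToken(payload, secret, alg = "HS256") {
  const data = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${alg === "none" ? "" : b64url(hmac(data, secret))}`;
}

// Returns { ok: true, identity } or { ok: false, reason }.
function verifyToken(token, secret, opts, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch { return { ok: false, reason: "malformed" }; }
  if (!header || !payload || typeof header !== "object" || typeof payload !== "object")
    return { ok: false, reason: "malformed" };
  // The header is untrusted input: check it against the allow-list before any crypto.
  if (!opts.algorithms.includes(header.alg) || header.alg !== "HS256")
    return { ok: false, reason: "algorithm not allowed" };
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  if (opts.issuer && payload.iss !== opts.issuer) return { ok: false, reason: "wrong issuer" };
  if (typeof payload.exp === "number" && nowSec >= payload.exp) return { ok: false, reason: "expired" };
  if (opts.maxAge && (typeof payload.iat !== "number" || nowSec - payload.iat > opts.maxAge))
    return { ok: false, reason: "too old" };
  return { ok: true, identity: payload };
}

// Constructed sample run: the secret, issuer and timestamps are made up.
function demo() {
  const secret = "constructed-demo-secret", now = 1700000000;
  const opts = { algorithms: ["HS256"], issuer: "https://idp.example", maxAge: 3600 };
  const claims = { name: "Ada", iss: opts.issuer, iat: now - 60 };
  const check = (c, alg) => verifyToken(signToken(c, secret, alg), secret, opts, now);
  return {
    valid: check(claims),                                  // ok, identity.name === "Ada"
    unsigned: check(claims, "none"),                       // algorithm not allowed
    stale: check({ ...claims, iat: now - 7200 }),          // too old
    otherIssuer: check({ ...claims, iss: "https://other.example" }), // wrong issuer
  };
}
```

HS256 is a symmetric algorithm, so the key in this sketch is a shared secret held by both the token issuer and the verifier.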
After configuring an authentication profile, follow these steps to assign it to an agent:
Restart the Profound AI server.
Open or refresh the Profound AI IDE in your browser.
Open your Agent file.
Go to the Security tab.
Select your profile in the Authentication dropdown.
Accessing User Identity
Upon successful authentication, the token payload is stored in a special object named identity. The identity object can be accessed in your Agent routines and instructions, allowing for personalized interactions with the user. For example, your agent instructions may contain the following:
You are here to help an enterprise application user.
Always refer to the user by their name.
The current user name is ${identity.name}.
The above assumes a JWT token payload with a property called name.
To access identity information inside your agent routines, you must use session data. For instance, to access the user name inside of a routine, you will refer to it as follows: pjs.session.identity.name. This can then be used to limit data that the agent can retrieve or process.
Client-side Implementation
JWT tokens can be retrieved from client-side storage mechanisms like localStorage, sessionStorage, cookies, or JavaScript variables. The Deploy this Agent Dialog in the Profound AI IDE helps construct the appropriate client-side code based on the setup of your agent.
Below is an example client-side implementation:
profound.ai.startAgent({
  agent: "my-assistant.agent.json",
  jwt: () => sessionStorage.getItem('jwtToken'),
  server: "http://your_server"
});
If the token is wrapped in an arrow function like above, the agent will re-evaluate it with every interaction. This means within a Single Page Application, the user can log in or out and the agent will automatically recognize the new effective user without having to restart the conversation.